From 878037af6a8def04383c820023d5cc795d735444 Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Wed, 12 Apr 2023 18:07:00 +0000 Subject: [PATCH] cargo-vet: Regenerate imports --- qa/supply-chain/config.toml | 24 -------------- qa/supply-chain/imports.lock | 62 ++++++++++++++++-------------------- 2 files changed, 27 insertions(+), 59 deletions(-) diff --git a/qa/supply-chain/config.toml b/qa/supply-chain/config.toml index d3e4a08ab..2112bfa6f 100644 --- a/qa/supply-chain/config.toml +++ b/qa/supply-chain/config.toml @@ -186,10 +186,6 @@ criteria = "safe-to-deploy" version = "1.0.68" criteria = "safe-to-deploy" -[[exemptions.cxxbridge-flags]] -version = "1.0.68" -criteria = "safe-to-deploy" - [[exemptions.cxxbridge-macro]] version = "1.0.68" criteria = "safe-to-deploy" @@ -286,10 +282,6 @@ criteria = "safe-to-deploy" version = "1.8.0" criteria = "safe-to-deploy" -[[exemptions.httpdate]] -version = "1.0.2" -criteria = "safe-to-deploy" - [[exemptions.hyper]] version = "0.14.25" criteria = "safe-to-deploy" @@ -470,10 +462,6 @@ criteria = "safe-to-deploy" version = "0.2.9" criteria = "safe-to-deploy" -[[exemptions.pin-utils]] -version = "0.1.0" -criteria = "safe-to-deploy" - [[exemptions.poly1305]] version = "0.7.2" criteria = "safe-to-deploy" @@ -694,10 +682,6 @@ criteria = "safe-to-deploy" version = "0.3.16" criteria = "safe-to-deploy" -[[exemptions.try-lock]] -version = "0.2.3" -criteria = "safe-to-deploy" - [[exemptions.typenum]] version = "1.15.0" criteria = "safe-to-deploy" @@ -706,18 +690,10 @@ criteria = "safe-to-deploy" version = "0.9.4" criteria = "safe-to-deploy" -[[exemptions.unicode-xid]] -version = "0.2.4" -criteria = "safe-to-deploy" - [[exemptions.valuable]] version = "0.1.0" criteria = "safe-to-deploy" -[[exemptions.want]] -version = "0.3.0" -criteria = "safe-to-deploy" - [[exemptions.wasi]] version = "0.10.2+wasi-snapshot-preview1" criteria = "safe-to-deploy" diff --git a/qa/supply-chain/imports.lock b/qa/supply-chain/imports.lock index 70de6dab3..59b860d09 100644 --- a/qa/supply-chain/imports.lock +++ b/qa/supply-chain/imports.lock @@ -64,12 +64,23 @@ criteria = "safe-to-deploy" version = "0.3.27" notes = "Unsafe used to implement a concurrency primitive AtomicWaker. Well-commented and not obviously incorrect. Like my other audits of these concurrency primitives inside the futures family, I couldn't certify that it is correct without formal methods, but that is out of scope for this vetting." +[[audits.bytecode-alliance.audits.httpdate]] +who = "Pat Hickey " +criteria = "safe-to-deploy" +version = "1.0.2" +notes = "No unsafety, no io" + [[audits.bytecode-alliance.audits.memoffset]] who = "Alex Crichton " criteria = "safe-to-deploy" delta = "0.7.1 -> 0.8.0" notes = "This was a small update to the crate which has to do with Rust language features and compiler versions, no substantial changes." +[[audits.bytecode-alliance.audits.pin-utils]] +who = "Pat Hickey " +criteria = "safe-to-deploy" +version = "0.1.0" + [[audits.bytecode-alliance.audits.rustc-demangle]] who = "Alex Crichton " criteria = "safe-to-deploy" @@ -96,6 +107,12 @@ intended to multiplex across the internal representation of a tinyvec, presumably. This trivially doesn't contain anything bad. """ +[[audits.bytecode-alliance.audits.try-lock]] +who = "Pat Hickey " +criteria = "safe-to-deploy" +version = "0.2.4" +notes = "Implements a concurrency primitive with atomics, and is not obviously incorrect" + [[audits.bytecode-alliance.audits.unicode-normalization]] who = "Alex Crichton " criteria = "safe-to-deploy" @@ -108,6 +125,11 @@ throughout the ecosystem and skimming the crate shows no usage of `std::*` APIs and nothing suspicious. """ +[[audits.bytecode-alliance.audits.want]] +who = "Pat Hickey " +criteria = "safe-to-deploy" +version = "0.3.0" + [[audits.bytecode-alliance.audits.windows-sys]] who = "Dan Gohman " criteria = "safe-to-deploy" @@ -168,6 +190,11 @@ criteria = "safe-to-deploy" version = "0.42.0" notes = "This is a Windows API bindings library maintained by Microsoft themselves." +[[audits.chromeos.audits.cxxbridge-flags]] +who = "George Burgess IV " +criteria = "safe-to-deploy" +version = "1.0.92" + [[audits.chromeos.audits.version_check]] who = "George Burgess IV " criteria = "safe-to-deploy" @@ -407,30 +434,6 @@ version = "1.0.7" notes = "Simple hasher implementation with no unsafe code." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.futures-channel]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "0.3.21 -> 0.3.23" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.futures-channel]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "0.3.23 -> 0.3.25" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.futures-core]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "0.3.21 -> 0.3.23" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.futures-core]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "0.3.23 -> 0.3.25" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - [[audits.mozilla.audits.futures-task]] who = "Mike Hommey " criteria = "safe-to-deploy" @@ -718,17 +721,6 @@ criteria = "safe-to-deploy" delta = "1.0.91 -> 1.0.93" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.synstructure]] -who = "Nika Layzell " -criteria = "safe-to-deploy" -version = "0.12.6" -notes = """ -I am the primary author of the `synstructure` crate, and its current -maintainer. The one use of `unsafe` is unnecessary, but documented and -harmless. It will be removed in the next version. -""" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - [[audits.mozilla.audits.thiserror]] who = "Mike Hommey " criteria = "safe-to-deploy"